Skip to content

Instantly share code, notes, and snippets.

@jasonk
Last active December 15, 2024 03:38
Show Gist options
  • Save jasonk/480d87b49e4c8caf51932f184ff764b2 to your computer and use it in GitHub Desktop.
Save jasonk/480d87b49e4c8caf51932f184ff764b2 to your computer and use it in GitHub Desktop.
Docker credential helper for authenticating from environment variables

docker-credential-env

This is a very basic Docker credential helper that uses environment variables to authenticate to Docker. It's not as secure as the other credential helpers that Docker provides, but it can be very helpful in some circumstances (such as when using it with Jenkins).

To set this up, install the docker-credentials-env script somewhere in the Jenkins users path (it needs to be named docker-credential-env), then configure the Jenkins user's ~/.docker/config.json file to use it:

{ "credsStore": "env" }

To use it, you need to have the following environment variables set:

DOCKER_REGISTRY - Your registry URL
DOCKER_CREDS_USR - Your username
DOCKER_CREDS_PSW - Your password

If you are using Jenkins Declarative Pipeline, you can do this in the environment section of your Jenkinsfile (see the example Jenkinsfile).

{ "credsStore": "env" }
#!/bin/bash
# docker-credential-env
# 2018 - Jason Kohles
REG="${DOCKER_REGISTRY#https://}"
REG="${REG%%/*}"
die() {
echo "$@" 1>&2
exit 1
}
if [ -z "$REG" ]; then die "DOCKER_REGISTRY not set in environment"; fi
case "$1" in
get)
read HOST
if [ "$HOST" = "$REG" ]; then
printf '{"ServerURL":"%s","Username":"%q","Secret":"%q"}\n' \
"$HOST" "$DOCKER_CREDS_USR" "$DOCKER_CREDS_PSW"
else
die "No credentials available for $HOST"
fi
;;
*)
die "Unsupported operation"
;;
esac
pipeline {
environment {
DOCKER_REGISTRY = 'https://my-docker-registry.example.com'
DOCKER_CREDS = credentials( 'my-docker-credentials' )
}
}
@cowwoc
Copy link

cowwoc commented Dec 15, 2024

FYI, https://github.com/isometry/docker-credential-env seems to be a full-fledged repo dedicated to this concept.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment